0c5adfd64eb36257ee0a3d3b73a2830dab9197ab6c5e623d8125ca2ab2fd7b36

Sharing

Copy URL Twitter E-mail

General

Target

PICleaner.exe
Size

77.4MB
Sample

240928-xsdfzsvard
MD5

674e9fe8824f9a3cb205ddd2fbd986c7
SHA1

f62a105469fecc4aaeea4ce2fc8fdf84e26c63ba
SHA256

0c5adfd64eb36257ee0a3d3b73a2830dab9197ab6c5e623d8125ca2ab2fd7b36
SHA512

00370cce9c5310fde26d35a3120dbd2801433a141cc0c20217821190627334bc7f4e53ed46ab82d579bd507ed7102540a5f727ae9a0afef33dc82b63b6f9b078
SSDEEP

1572864:I4gPXMorgR2LLDifR7PvcBK1BkfIhH60QpOfvkQgB4gJ0W3qpoq9cMtmJjbxAK7:I4AcGgR8LuSsFQpQcQgnSOqz9IAK7

Score

7^/10

Malware Config

Targets

- Target
  
  PICleaner.exe
- Size
  
  77.4MB
- MD5
  
  674e9fe8824f9a3cb205ddd2fbd986c7
- SHA1
  
  f62a105469fecc4aaeea4ce2fc8fdf84e26c63ba
- SHA256
  
  0c5adfd64eb36257ee0a3d3b73a2830dab9197ab6c5e623d8125ca2ab2fd7b36
- SHA512
  
  00370cce9c5310fde26d35a3120dbd2801433a141cc0c20217821190627334bc7f4e53ed46ab82d579bd507ed7102540a5f727ae9a0afef33dc82b63b6f9b078
- SSDEEP
  
  1572864:I4gPXMorgR2LLDifR7PvcBK1BkfIhH60QpOfvkQgB4gJ0W3qpoq9cMtmJjbxAK7:I4AcGgR8LuSsFQpQcQgnSOqz9IAK7
Score

7^/10

collection defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral3
- Target
  
  LICENSES.chromium.html
- Size
  
  8.8MB
- MD5
  
  2675b30d524b6c79b6cee41af86fc619
- SHA1
  
  407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
- SHA256
  
  6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
- SHA512
  
  3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
- SSDEEP
  
  24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
Score

1^/10
behavioral4
- Target
  
  PICleaner.exe
- Size
  
  164.7MB
- MD5
  
  3a468cf6e6cd7ce202d51d6a1b1584c1
- SHA1
  
  4a62e417ca2c81d60778ea20acb53506394092da
- SHA256
  
  f5afc3e3e079c895533fa178a5f1f3a3c6c7354e0d6e7abe2e771b9f7094f37c
- SHA512
  
  7dbb55a0c42c615189cdd31f38fb26ee78c8db9116600596bc5b6dedef9e093c2fdb180b3c6aeaf54021f0801894211f2a1f62104a62de20feec3081051d12ba
- SSDEEP
  
  1572864:txGeD65iMor30uXkaYCELW0ejTV1FQ3mRVvHTxnHqVstmZC/wu32Q/djfP85WhkF:4eJEhTWTjiWhS
Score

7^/10

collection defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral5
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral6
- Target
  
  ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  eda70f75c18fbc423f32d696e88ff302
- SHA1
  
  62d27cdfc9a0753b95501da75b6d81796ff70b2d
- SHA256
  
  eb015f75cd2e9025eb59a0f0f0d6d8cc397d96315dce6651cf7d8c42ab2f817a
- SHA512
  
  6245989e981a672bf04c4fac044fd128951ed75e972162d974027b49159abc8fb4398758de507d84689bf414029cea7637030f787ebfbeeba90f3b2839aec297
- SSDEEP
  
  49152:CF5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQ9SCu:CFvSkJXv+tiLAD0+D9S5
Score

1^/10
behavioral7
- Target
  
  libEGL.dll
- Size
  
  477KB
- MD5
  
  3bec18862b4d150f18262dd13b17dd1a
- SHA1
  
  93384dd4e9602401f745c78815c6c36a5c94aef3
- SHA256
  
  03d8026e81f5ce02d663076d0703fa0b1c9cb53c246cdff5ffa8c99354e4589b
- SHA512
  
  c7b66a243256476bfc467b0a8171e707425b7da21b6beaaaca954b4ccb1eb8249b27c01e46a483af99ef2197beb88e006f8c6c4e65cc7acf39c603098468df12
- SSDEEP
  
  6144:G8hd1BSjuMmof2SEXVVfgV8hxN7h2N4IEOg51f0FticyQ:G8DXSjZmof2SEsmN12N4IE7f0FticyQ
Score

1^/10
behavioral8
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  22ef6d8f6b688e4f23739fc41a809b95
- SHA1
  
  0bda3ce05b756faaf5af9158206a7a6d3f2926a1
- SHA256
  
  17c4857fd36cb143331ce1402c8bb394a25c8beca48c5abe0616dcea6a4d19a8
- SHA512
  
  4743c16ffb3c18a950747c728082937ed30e6dcdc1afca0bad0f74eef0f47c42b02bb3dd48bb66ad2fdee041fdb71603c5500ed351f7c16e7622bb01bc4c2ffe
- SSDEEP
  
  98304:XwY1sQqaLe2Egto8U4r5Pp6TlITQZ3DW888888888tb8dpi:gNaSgtvroZD
Score

1^/10
behavioral9
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral10
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  6462f53038234de8fef3e6fa31bb46d7
- SHA1
  
  8f610b8bf9ef943411c50b5d7862d616d2232b03
- SHA256
  
  95f6581afe35f4a89fad311fd8b49c3677b27233a9d0972da18593a4dbb94d14
- SHA512
  
  475bbd91b16311b2e24db67dd0ff4682730aef9e1a99d4dc9e5ac2734582f10a1671e383820a069255b5250bdeb76681268ceb049b9a8130d6de9db704d043b1
- SSDEEP
  
  49152:A6h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzH:xh3aMXoSHfPwksHldLiuNr
Score

1^/10
behavioral11
- Target
  
  vulkan-1.dll
- Size
  
  931KB
- MD5
  
  179c11146cb6a58d8fd631da7f5480ed
- SHA1
  
  47652ed572cafa61ae71bc45d65e77cebe0822ca
- SHA256
  
  43e4f96e6306d584f2cc4b29e56a24731ebf5471459faa8fa983ce8472087263
- SHA512
  
  184c056e20654f9d559c261526bd98805f4b4b8ae52a2e803777f58704414a3cfa7495c7bf0fc4d9e90356398faef03b42da91b7ef443a784bff86e1093d3910
- SSDEEP
  
  24576:AYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7sE:AY65/M387R56Z5WoDYsHY6g3P0zAk7s
Score

1^/10
behavioral12
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral13